Authentication is the process of verifying the identity of a user who wishes to access a given virtual or physical asset, such as computer network, software application, bank account or room in a building. The three most common authentication methods are knowledge-based, token-based, and biometrics-based. For example, a user of a computer application typically authenticates (“logs in”) using the knowledge-based method by typing in a unique user identifier (“userid” or “username”) and a corresponding password that supposedly only he knows to verify his identity. Knowledge-based authentication has been widely employed because of its ease of use and ease of changing the user identifier and password. However, passwords are easily lost, stolen or shared and, because of that, knowledge-based authentication tends to verify who knows the password, not the identity of the user.
Token-based authentication uses physical keys, comparing data from a physical device that a user owns, referred to as a token, such as a smartphone, smartcard, or hardware device that provides a one-time-use password that changes periodically. However, tokens are also easily lost, stolen or shared and, because of that, token-based authentication tends to verify who possesses the device, not the identity of the user.
Biometrics-based mechanisms use unique physiological characteristics such as fingerprints, voice and iris patterns, which are very difficult to steal or share. But biometric authentication suffers the disadvantage of requiring sophisticated hardware and software technology to measure the biometric factor on every device that requires authentication for access, an expensive proposition.
As a result of the deficiencies on the various authentication methods, it is often difficult to have a high degree of confidence that the user accessing an asset is the user who was given authorization from the asset holder. In some cases, not only is the user not the authorized user, but there may be several users using the authentication words or tokens that supposedly belong to only the authorized user. This results in unauthorized shared access which can lead to data breaches to unauthorized third parties and lost revenue in situations where the access is based on a user fee per authorized user.
One common method to improve the confidence in authentication is to rely on multi-factor authentication, for example combining a password (knowledge-based authentication) with a given smartphone (token-based authentication), thus increasing the likelihood that the user is who is entering the authentication factors is the authorized user.
Recently there has been increased adoption of computing devices that include a touch screen: a display that provides an interface for interacting with the computer by touching the screen and capturing the location and timing of the touches as data for processing by the computer operating system and applications. Some devices also capture the pressure of the touch upon the screen. The availability of this data creates an opportunity to use handwriting as a biometric behavioral mechanism as a part of multi-factor authentication without the complications of more sophisticated and uncommon biometric hardware.
Therefore, it is an object of this invention to provide a method of authentication using handwriting. It is another object of this invention to provide a method of authentication using handwriting as part of multi-factor authentication. It is a further object to provide a method that uses handwriting to detect unauthorized sharing of authentication factors.